Bug 401780

Summary: Add option to disable emails from automatically opening URLs
Product: [Applications] kmail2 Reporter: Ben Daines <benjamindaines>
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: benjamindaines, jjm
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Ben Daines 2018-12-05 16:55:16 UTC 
I've noticed that some emails will automatically open web pages upon opening the email.  Unfortunately I cannot share an example email as it contains way too much personal information.  This situation is not only annoying (I assure you it's extremely annoying), but is a security risk as well.  An option to disable it should be added.  

I'm not HTML wizard, but it seems like this line in the header may be what's doing it.  

https://www.w3schools.com/tags/att_meta_http_equiv.asp
Comment 1 Jonathan Marten 2018-12-06 09:02:02 UTC 
Is this as described in https://www.kde.org/info/security/advisory-20181128-1.txt?
If so, it is fixed in KDE Applications 18.12.0.
Comment 2 Ben Daines 2018-12-06 18:59:38 UTC 
Sure looks to be the same.
Comment 3 Christoph Feck 2018-12-27 20:06:01 UTC 
Thanks for the update; changing status. If you still see security issues, please add a comment or report directly to https://www.kde.org/info/security/